Privacy and security have evolved. We are seeing various breaches that are devastating organizations across many industries. How can you secure your data in a world full of mobile devices, IoT,and the cloud? I attended the 2017 RSA Conference in San Francisco to dive into the problems organizations are currently facing in the information security world and to discover the latest industry innovations. Here\u2019s a recap of some of the trends and discussions that took place:\nPrivacy and security - the more they change, the more they stay the same\nOne of the most salient takeaways revolved around the fact that when we look at the evolution of privacy and security over time, we see that the basic idea behind each concept has remained the same. It\u2019s the way we approach them that\u2019s changing.\nThe fact is that while the probability of security breaches hasn\u2019t increased much in the past few years, the damage potential of breaches has increased dramatically. As a result, CIOs and CISOs need to focus on the business interests of privacy and security so that they become a part of the company culture itself, rather than being siloed and shrouded in mystery.\nMyles Suer, director of solutions and industry marketing at Protegrity, a data security firm, said \u201cThe concept of privacy goes back to the story of Adam and Eve; they covered themselves once they realized they had something they needed to hide. The same is true for data security. In a modern business, the need for privacy and data protection hasn\u2019t changed, but our approach to achieving them now consists of creating centrally managed policies and data governance as well as protecting the data itself. This renders the information useless to bad actors by using a data-centric security approach, rather than merely building a firewall.\u201d\nA simple example of this is when a top-level executive has a password stolen from one of their social profiles, and the password also happens to be the same one that unlocks their enterprise\u2019s most valuable data. This type of issue is cultural, not infrastructural or even technological. In this sense, another layer of encryption isn\u2019t sufficient because of the need to protect from threats caused by both the inside and the outside.\nVendor consolidation to shore up strategic benefits\nIn recent years, you\u2019d have many different vendors who would each provide an individual security service. However, the services wouldn\u2019t necessarily integrate well with one another. For example, you\u2019d have one vendor for single sign-on (SSO), another for multi-factor authentication (MFA), and a separate vendor for nearly every other service. The thought process was that each vendor was vying to offer the highest quality single solution, and that multi-solution packages were just crappy software suites that did many things but none of them well.\nHowever, the problem with having so many disjointed solutions is that they leave gaps that create inefficiencies and vulnerabilities in enterprise infrastructure. Enterprises are now looking for integrated platform solutions that provide all of the services they need and at top-tier quality.\nBill Mann, chief product officer at\u00a0Centrify, an identity management and information security firm, said \u201cIt was OK to have individual solutions a few years ago, but now leading vendors have evolved to integrate other parts of the market. Consolidation in identity management is the topic that\u2019s resonating the most with our customers, and this was especially evident in what we heard at RSA. We\u2019ve found that customers see consolidation as a way to more fully secure their enterprise.\u201d\nIdentity management technologies are becoming integrated\nNatural market forces are pushing together multiple overlapping functions because the customer now wants a user experience that\u2019s frictionless. This drives identity management technologies to become integrated. Enterprise customers are actively looking for ways to reduce their number of security vendors, and will replace existing single-point solutions when they find an integrated provider that covers multiple needs instead.\nChris Geisert, vice president of marketing at\u00a0LockPath, a governance, risk-management and compliance (GRC) firm, perceives the same trend, \u201cWe\u2019re seeing aggregation in the industry\u2014 people not just coming up with narrow point-based solutions but a more holistic, integrated approach to make information actionable.\u201d\nMore opportunities for clients to educate themselves before selecting a vendor\nAnother key trend is that customers are educating themselves more thoroughly about available solutions before making a selection. As a result, vendors are responding by positioning themselves to educate customers and help them make the best decisions for their enterprise.\nGeisert said, \u201cThe GRC space is maturing and customers want to know how to make big data actionable and turn it into real knowledge. In the past, people would buy a GRC platform without understanding its full capabilities. But now, they\u2019ve become much more sophisticated in terms of selecting the right solution to meet their needs. We responded by creating a content piece that explains what GRC is, what it will do for your business, what are some pitfalls and questions to ask, what are the myths about it, and even provides a sample RFP they can customize and use to seek out vendors.\u201d\nMann recommends that customers focus on their high-level strategic goals and then find solutions that correspond as closely as possible. He said, \u201cThink of the bigger picture and pick the platform that will solve all your immediate problems rather than choosing a single part of the solution. Having vendors explain how their solutions address your landscape of challenges is the best way to evaluate them.\u201d\nSuer said, \u201cPeople have seen others being hacked and they want to know how to protect themselves. As such, they want to figure out how to easily govern data across data silos and create centrally managed data access policies that cover all systems and users. We think that you should still put up a firewall and use encryption, but you also need to limit damage that can be done if hackers breach \u2013 protect the data itself. That way there\u2019s no \u2018full monty\u2019.\u201d\nThis year\u2019s RSA conference was very informative about what\u2019s going on in the information security industry. It will be interesting to watch how these key trends shape InfoSec in the coming years. In the meantime, the focus remains on making data secure, private, efficient and actionable.